Update JWT headers to only be in responses from forward auth endpoint (#642)

Travis Groth 2020-05-04 07:26:37 -04:00 committed by GitHub
parent f7ee08b05a
commit b2e3b22f14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 96 additions and 51 deletions


@ -73,7 +73,7 @@ func TestProxy_AuthenticateSession(t *testing.T) {
r = r.WithContext(ctx)
r.Header.Set("Accept", "application/json")
w := httptest.NewRecorder()
got := a.jwtClaimMiddleware(a.AuthenticateSession(fn))
got := a.jwtClaimMiddleware(false)(a.AuthenticateSession(fn))
got.ServeHTTP(w, r)
if status := w.Code; status != tt.wantStatus {
t.Errorf("AuthenticateSession() error = %v, wantErr %v\n%v", w.Result().StatusCode, tt.wantStatus, w.Body.String())
@ -113,7 +113,7 @@ func Test_jwtClaimMiddleware(t *testing.T) {
ctx = sessions.NewContext(ctx, string(state), nil)
r = r.WithContext(ctx)
w := httptest.NewRecorder()
proxyHandler := a.jwtClaimMiddleware(handler)
proxyHandler := a.jwtClaimMiddleware(true)(handler)
proxyHandler.ServeHTTP(w, r)
t.Run("email claim", func(t *testing.T) {
@ -130,6 +130,13 @@ func Test_jwtClaimMiddleware(t *testing.T) {
}
})
t.Run("email response claim", func(t *testing.T) {
emailHeader := w.Header().Get("x-pomerium-claim-email")
if emailHeader != email {
t.Errorf("did not find claim email in response, want=%q, got=%q", email, emailHeader)
}
})
t.Run("missing claim", func(t *testing.T) {
absentHeader := r.Header.Get("x-pomerium-claim-missing")
if absentHeader != "" {